Victor Stinner avatar Victor Stinner committed b68fadb

Automated commit message

Comments (0)

Files changed (1)

+**[[Home|Back to homepage]]**
+== Forensic and data recovery ==
+=== For files ===
+ * **[[hachoir-subfile|hachoir-subfile]]**
+ * **[[|Photorec]]**: File header and footer database, tools to sort file by content (eg. using EXIF metadata)
+ * **[[|Scalpel]]**: fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is a fork of Foremost.
+ ** [[|Foremost]]: //console program to recover files based on their headers, footers, and internal data structures//
+ * [[|Magic Rescue]]: File header database, tools to recover file start (scripts using external program like gzip, mencoder, jpegtran, etc.)
+ * [[|anyfs-tools]]: UNIX-way toolset for recovering and converting filesystems for Linux OS
+ * **[[|Autopsy]]** Forensic Browser
+=== For file systems ===
+ * [[|TestDisk]] (//Christophe GRENIER//): recover lost partitions and make non-booting disks bootable again
+ * parted
+ * EXT2/EXT3: [[|ext3rminator]] (//Mike Hommey//)
+ * EXT2/EXT3: [[|giis]] (//giis-get it i say//)
+ * [[|ddrescue]] (//Antonio Diaz//): special version of dd (copy from a device to a file), specific to read damaged hard drives. Try also [[|dd_rescue]] by //Kurt Garloff//.
+=== For file and file systems ===
+ * [[|The Sleuth Kit]]
+ * [[|The Coroner's Toolkit (TCT)]]
+=== For memory ===
+ * [[MemoryDump|Forensics on memory dump]]
+ * [[|Komoku Forensics]]
+== Forensics websites ==
+ * [[|]]: Great directory of forensics tools
+ * [[|Digital Forensic Research Workshop (DFRWS)]]
+ * [[|]]: Windows programs (PE) reverge engineering
+ * [[|]] : //Linux Forensics// and //FCCU GNU/Linux Forensic Boot CD//
+== See also ==
+ * [[ReverseEngineering|Reverse engineering]]
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.